<?
require_once('functions.php');

/**
 * Run an unfiltered SELECT over the 2012WSP_Items table.
 *
 * Unlike the other functions in this file, the connection is not closed
 * here; the result object is handed straight back to the caller.
 *
 * @return mixed Whatever query() on the connection returns (presumably a
 *               mysqli_result, or false on failure; GetConnection() is
 *               defined outside this file, so confirm).
 */
function GetItems()
{
        // The statement is a constant string with no caller-supplied parts.
        return GetConnection()->query('SELECT * FROM 2012WSP_Items');
}
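/**
 * Load a single row of 2012WSP_Items by id.
 *
 * The id is escaped and placed inside a quoted SQL literal, so a
 * caller-supplied value cannot change the structure of the statement.
 *
 * @param mixed $id Item id; converted to a string when the query is built.
 * @return array|null The row as returned by fetch_assoc(), or null when the
 *                    query itself fails.
 */
function GetItem($id)
{
        $conn = GetConnection();

        // Escape AND quote: escaping alone does not protect a bare, unquoted
        // value such as "WHERE id=$id". This matches how DeleteItem() builds
        // its WHERE clause.
        // NOTE(review): if GetConnection() returns a mysqli object, a prepared
        // statement with a bound parameter would be the stronger fix.
        $safeId = $conn->real_escape_string((string) $id);
        $results = $conn->query("SELECT * FROM 2012WSP_Items WHERE id='$safeId'");

        // A failed query yields a non-object; do not call fetch_assoc() on it,
        // and still close the connection below.
        $row = null;
        if ($results) {
                $row = $results->fetch_assoc();
        }
        $conn->close();

        return $row;
}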
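/**
 * Update ProductName and Price of the item identified by $row['id'].
 *
 * @param array $row Must hold the keys 'id', 'ProductName' and 'Price'.
 * @return mixed true when the connection reports no error, otherwise
 *               array('SQL Error' => message).
 */
function SaveItem($row)
{
        $conn = GetConnection();
        $row2 = EscapeRow($row, $conn);

        // The id is quoted like the other values: real_escape_string() only
        // protects data that sits inside a quoted literal, so an unquoted
        // "id=$value" would remain injectable even after EscapeRow().
        $sql =  "UPDATE 2012WSP_Items "
                .       "SET ProductName='$row2[ProductName]', Price='$row2[Price]' "
                .       "WHERE id='$row2[id]'";
        $conn->query($sql);
        $error = $conn->error;
        $conn->close();

        // NOTE(review): the raw driver message is returned to the caller;
        // confirm callers log it rather than display it to end users.
        return $error == '' ? true : array('SQL Error' => $error);
}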

/**
 * Insert a new row into 2012WSP_Items from $row['ProductName'] and
 * $row['Price'].
 *
 * Both values are escaped by EscapeRow() and placed inside quoted literals.
 *
 * @param array $row Must hold the keys 'ProductName' and 'Price'.
 * @return mixed true when the connection reports no error, otherwise
 *               array('SQL Error' => message).
 */
function NewItem($row)
{
        $db = GetConnection();
        $clean = EscapeRow($row, $db);

        $db->query(
                "INSERT INTO 2012WSP_Items (ProductName, Price) "
                . "VALUES('{$clean['ProductName']}', '{$clean['Price']}')"
        );

        // Read the error text before closing the connection.
        $message = $db->error;
        $db->close();

        if ($message == '') {
                return true;
        }

        // NOTE(review): the raw driver message is returned to the caller;
        // confirm it is not shown to end users.
        return array('SQL Error' => $message);
}

/**
 * Delete the row of 2012WSP_Items whose id equals $row['id'].
 *
 * The id is escaped by EscapeRow() and placed inside a quoted literal.
 * No authorization check is visible in this function; presumably the caller
 * performs one (verify).
 *
 * @param array $row Must hold the key 'id'.
 * @return mixed true when the connection reports no error, otherwise
 *               array('SQL Error' => message).
 */
function DeleteItem($row)
{
        $db = GetConnection();
        $clean = EscapeRow($row, $db);

        $db->query("DELETE FROM 2012WSP_Items WHERE id='{$clean['id']}'");

        // Read the error text before closing the connection.
        $message = $db->error;
        $db->close();

        if ($message == '') {
                return true;
        }

        return array('SQL Error' => $message);
}
/**
 * Return a copy of $row with every value passed through the connection's
 * real_escape_string(); keys are kept unchanged.
 *
 * Escaping only protects a value that is later placed inside a quoted SQL
 * string literal. It does not make a value safe in an unquoted position
 * (for example a bare numeric id) or as an identifier.
 *
 * @param array  $row  Column name => raw value.
 * @param object $conn Connection exposing real_escape_string() (presumably
 *                     mysqli; confirm against GetConnection()).
 * @return array Same keys, escaped values.
 */
function EscapeRow($row, $conn)
{
        $escaped = array();

        foreach ($row as $column => $raw) {
                $escaped[$column] = $conn->real_escape_string($raw);
        }

        return $escaped;
}

